package com.dailyblue.java.boot.security.project.controller;

import com.dailyblue.java.boot.security.project.service.PowersService;
import com.dailyblue.java.spring.boot.commons.util.JsonResult;
import com.dailyblue.java.spring.boot.commons.util.ResultTool;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;

@RestController
@RequestMapping("/powers")
@CrossOrigin
public class PowersController {
    @Resource
    private PowersService powersService;

    @GetMapping
    public JsonResult find() {
        return ResultTool.success(powersService.list());
    }

    @RequestMapping("/find_power")
    @PreAuthorize("hasAuthority('/powers/find_power')")
    public JsonResult find_power(int uid, int[] pid) {
        powersService.updatePowerByUserId(uid, pid);
        return ResultTool.success("展现权限");
    }

}
